public void GenerateResponse_EncodesParameters_OnTheFragment()
        {
            // Arrange
            var expectedLocation = "http://www.example.com/callback#state=%23%3F%26%3D&code=serializedcode";
            var httpContext      = new DefaultHttpContext();
            var generator        = new FragmentResponseGenerator(UrlEncoder.Default);
            var parameters       = new Dictionary <string, string[]>
            {
                ["state"] = new[] { "#?&=" },
                ["code"]  = new[] { "serializedcode" }
            };

            var response = new OpenIdConnectMessage(parameters);

            response.RedirectUri = "http://www.example.com/callback";
            // Act
            generator.GenerateResponse(httpContext, response.RedirectUri, response.Parameters);

            // Assert
            Assert.Equal(StatusCodes.Status302Found, httpContext.Response.StatusCode);
            Assert.Equal(expectedLocation, httpContext.Response.Headers[HeaderNames.Location]);
            var uri = new Uri(httpContext.Response.Headers[HeaderNames.Location]);

            Assert.False(string.IsNullOrEmpty(uri.Fragment));
            var fragmentParameters = QueryHelpers.ParseQuery(uri.Fragment.Substring(1));

            Assert.Equal(2, fragmentParameters.Count);
            var codeKvp = Assert.Single(fragmentParameters, kvp => kvp.Key == "code");

            Assert.Equal("serializedcode", codeKvp.Value);
            var stateKvp = Assert.Single(fragmentParameters, kvp => kvp.Key == "state");

            Assert.Equal("#?&=", stateKvp.Value);
        }
        public async Task Spec_IdToken_Sample()
        {
            // Arrange
            var httpContext = new DefaultHttpContext();

            httpContext.Request.QueryString = QueryString.FromUriComponent("?response_type=id_token&client_id=s6BhdRkqt3&redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb&scope=openid%20profile%20email&nonce=n-0S6_WzA2Mj&state=af0ifjsldkj");
            var requestParameters = httpContext.Request.Query.ToDictionary(kvp => kvp.Key, kvp => (string[])kvp.Value);

            var requestFactory   = CreateRequestFactory();
            var tokenIssuer      = GetTokenIssuer();
            var fragmentExecutor = new FragmentResponseGenerator(UrlEncoder.Default);

            var user            = CreateUser("248289761001");
            var application     = CreateApplication("s6BhdRkqt");
            var responseFactory = CreateAuthorizationResponseFactory();

            // Act
            var result = await requestFactory.CreateAuthorizationRequestAsync(requestParameters);

            var tokenContext = result.CreateTokenGeneratingContext(user, application);

            await tokenIssuer.IssueTokensAsync(tokenContext);

            var response = await responseFactory.CreateAuthorizationResponseAsync(tokenContext);

            fragmentExecutor.GenerateResponse(httpContext, response.RedirectUri, response.Message.Parameters);

            // Assert
            Assert.Equal(StatusCodes.Status302Found, httpContext.Response.StatusCode);
            Assert.False(StringValues.IsNullOrEmpty(httpContext.Response.Headers[HeaderNames.Location]));
            var uri = new Uri(httpContext.Response.Headers[HeaderNames.Location]);

            Assert.False(string.IsNullOrEmpty(uri.Fragment));
            var parameters = QueryHelpers.ParseQuery(uri.Fragment.Substring(1));

            Assert.Equal(2, parameters.Count);
            var idTokenKvp = Assert.Single(parameters, kvp => kvp.Key == "id_token");
            var stateKvp   = Assert.Single(parameters, kvp => kvp.Key == "state");

            Assert.Equal("af0ifjsldkj", stateKvp.Value);
        }